module.exports = app => {
    const express = require('express')
    const jwt = require('jsonwebtoken')
    const AdminUser = require('../../models/AdminUser')
    const assert = require('http-assert')
    const router = express.Router({
        mergeParams : true
    })

    router.post('/',async (req,res) => {
        const model = await req.Model.create(req.body)
        res.send(model)
    })
    router.put('/:id',async (req,res) => {
        const model = await req.Model.findByIdAndUpdate(req.params.id,req.body)
        res.send(model)
    })
    router.delete('/:id',async (req,res) => {
        await req.Model.findByIdAndDelete(req.params.id,req.body)
        res.send({
            success : true
        })
    })
    router.get('/', async (req,res) => {
        const queryOptions = {}
        if(req.Model.modelName === 'Category')
        {
            queryOptions.populate = 'parent'
        }
        const items = await req.Model.find().setOptions(queryOptions).limit(100)
        res.send(items)
    })
    router.get('/:id',async (req,res) => {
        const model = await req.Model.findById(req.params.id)
        res.send(model)
    })
    //登录校验中间件
    const authMinddleware = async(req,res,next) =>{
        const token = String(req.headers.authorization || '').split(' ').pop()
        assert(token,401,'无效的身份')
        const { id } = jwt.verify(token,app.get('secret'))
        assert(id,401,'无效的用户')
        req.user = await AdminUser.findById(id)
        assert(req.user,401,'请先登录')
        await next()
    }

    //资源中间件 
    const resourceMiddleware = async (req,res,next) =>{
        const modelName = require('inflection').classify(req.params.resource)
        req.Model = require(`../../models/${modelName}`)
        next()
    } 

    app.use('/admin/api/rest/:resource',authMinddleware, resourceMiddleware,router)

    

    const multer = require('multer')
    const upload = multer({dest : __dirname + '/../../uploads'})
    app.post('/admin/api/upload', authMinddleware,upload.single('file'), async (req,res) => {
        const file = req.file
        file.url = `http://localhost:3000/uploads/${file.filename}`
        res.send(file)
    })

    app.post('/admin/api/login',async(req,res) =>{
        const { username , password} = req.body
        const user = await AdminUser.findOne({username}).select('+password')
        assert(user,422,'用户不存在')
        
        const isValid = require('bcryptjs').compareSync(password,user.password)
        assert(isValid,422,'密码错误')
        const token = jwt.sign({id : user._id},app.get('secret'))
        res.send({token})
    })

    //错误处理
    app.use(async (err,req,res,next) =>{
        res.status(err.statusCode || 500).send({
            message : err.message
        })
    })
}